End-of-Life (EoL)

Agent Configurations Based on the Endpoint’s Machine Certificate

Use the following steps to push agent configurations to connecting endpoints based on the endpoint's machine certificate:
  1. If you want to use the endpoint's machine certificate to identify the endpoint status, configure a certificate profile.
    The GlobalProtect portal uses this certificate profile to match the machine certificate sent by the GlobalProtect app. For a successful match, the machine certificate must be signed and issued by the same CA certificate and (optional) template that you configure in the certificate profile. If you do not configure a template, the machine certificate matches based on only the configured CA certificate.
  2. Define the data that the GlobalProtect app collects from connecting endpoints after users successfully authenticate to the portal.
    To specify the machine certificates that you want the GlobalProtect app to collect from connecting endpoints, select the
    Certificate Profile
    that you configured in Step 1.
  3. Add config selection criteria for your agent configuration based on certificate profiles.
    After the GlobalProtect app collects machine certificates from connecting endpoints (as defined in Step 3), it sends the certificates to the portal to match against the certificate profile that you specify in the config selection critiera for each agent configuration. If an endpoint matches all config selection criteria for an agent configuration, the portal pushes that agent configuration to the endpoint.
    To deliver your agent configuration to connecting endpoints based on the endpoints’ machine certificate, use the following steps:
    1. Select
      Config Selection Criteria
      Device Checks
    2. In the Machine Certificate Check area, select a
      Certificate Profile
      to match against the machine certificates installed on the endpoints.
  4. Save the portal configuration.
    1. Click
    2. Commit
      your changes.

Recommended For You